An introduction to format string vulnerabilities within the Windows Intel
Architecture environment. During this presentation I will introduce the audience
to the concepts of format strings and associated vulnerabilities. I will take
the audience from the basics of what a format string is and how it's used,
through discovering and leveraging format string vulnerabilities. I will show
how format string vulnerabilities can be used to read data from the process stack
and arbitrary memory, and also methods used to write data to arbitrary memory.
Leveraging vulnerable format string functions, we will also discuss the basics of
triggering various exceptions to gain control of the flow of execution within a
vulnerable application. This presentation will include a number of live
demonstrations.

Deral Heiland

Deral Heiland, CISSP, serves as a Senior Security Engineer for CDW, where he is
responsible for security assessments and consulting for corporations and
government agencies. In addition, Deral is the founder of the Ohio Information
Security Forum, a not-for-profit organization that focuses on information
security training and education. Deral is also a member of the foofus.net
security team. Deral has presented at numerous conferences including ShmooCon,
Defcon, CarolinaCon, and Securitybyte India, and has also been a guest lecturer at
the Air Force Institute of Technology (AFIT). Deral has over 18 years of
experience in the Information Technology field, and has held multiple positions
including: Senior Network Analyst, Network Administrator, Database Manager,
Financial Systems Manager and Senior Information Security Analyst where he was
responsible for delivering security guidance and leadership in the area of risk
and vulnerability management for a global Fortune 500 manufacturer.